--- title: Signin description: Create a user session by signing in with username and password credentials. url: https://docs.influxdata.com/influxdb/cloud/api/signin/ estimated_tokens: 2874 product: InfluxDB Cloud (TSM) version: cloud --- [Download InfluxDB Cloud (TSM) API Spec](/openapi/influxdb-cloud-v2-api.yml) Create a user session by signing in with username and password credentials. POST `/api/v2/signin` ### Create a user session. Authenticates [Basic authentication credentials](#section/Authentication/BasicAuthentication) for a [user](/influxdb/cloud/reference/glossary/#user), and then, if successful, generates a user session. To authenticate a user, pass the HTTP `Authorization` header with the `Basic` scheme and the base64-encoded username and password. For syntax and more information, see [Basic Authentication](#section/Authentication/BasicAuthentication) for syntax and more information. If authentication is successful, InfluxDB creates a new session for the user and then returns the session cookie in the `Set-Cookie` response header. InfluxDB stores user sessions in memory only. They expire within ten minutes and during restarts of the InfluxDB instance. #### User sessions with authorizations - In InfluxDB Cloud, a user session inherits all the user’s permissions for the organization. - In InfluxDB OSS, a user session inherits all the user’s permissions for all the organizations that the user belongs to. #### Related endpoints - [Signout](#tag/Signout) #### Parameters ##### Header parameters `Zap-Trace-Span` string OpenTracing span context Example request [Ask AI about this](#) ```sh curl --request POST \ "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/signin" \ --header "Authorization: Bearer INFLUX_TOKEN" ``` #### Responses 204 Success. The user is authenticated. The `Set-Cookie` response header contains the session cookie. 401 Unauthorized. This error may be caused by one of the following problems: - The user doesn’t have access. - The user passed incorrect credentials in the request. - The credentials are formatted incorrectly in the request. `code` required string code is the machine-readable error code. Allowed: `internal error` , `not implemented` , `not found` , `conflict` , `invalid` , `unprocessable entity` , `empty value` , `unavailable` , `forbidden` , `too many requests` , `unauthorized` , `method not allowed` , `request too large` , `unsupported media type` `err` string Stack of errors that occurred during processing of the request. Useful for debugging. `message` string Human-readable message. `op` string Describes the logical code operation when the error occurred. Useful for debugging. 403 Forbidden. The user account is disabled. `code` required string code is the machine-readable error code. Allowed: `internal error` , `not implemented` , `not found` , `conflict` , `invalid` , `unprocessable entity` , `empty value` , `unavailable` , `forbidden` , `too many requests` , `unauthorized` , `method not allowed` , `request too large` , `unsupported media type` `err` string Stack of errors that occurred during processing of the request. Useful for debugging. `message` string Human-readable message. `op` string Describes the logical code operation when the error occurred. Useful for debugging. default Unsuccessful authentication. `code` required string code is the machine-readable error code. Allowed: `internal error` , `not implemented` , `not found` , `conflict` , `invalid` , `unprocessable entity` , `empty value` , `unavailable` , `forbidden` , `too many requests` , `unauthorized` , `method not allowed` , `request too large` , `unsupported media type` `err` string Stack of errors that occurred during processing of the request. Useful for debugging. `message` string Human-readable message. `op` string Describes the logical code operation when the error occurred. Useful for debugging.